Drupal Hotblocks Module HTML Injection and Denial of Service Vulnerabilities

Hotblocks is prone to HTML-injection and denial-of-service vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or to execute attacker-supplied HTML or JavaScript code in the context of the affected site, potentially allowing them to steal cookie-based authentication credentials and to control how the site is rendered to the user.

Hotblocks versions prior to 6.x-1.8 are vulnerable.


Copyright 2010, SecurityFocus